<?php

include('pagina.php');
include('auth.php');
include('database.php');
include('core.php');

/**
 * Starts the page header for the forgot login/password screen.
 *
 * Calls, in order, pagina_inicio() with the page title, adicionar_css() with
 * this page's stylesheet name and pagina_head(). All three helpers are
 * defined outside this file.
 */
function cabecalho()
{
	$titulo = 'ParkSys - Forgot login/password';
	$folha_de_estilo = 'forgot.css';

	pagina_inicio($titulo);
	adicionar_css($folha_de_estilo);
	pagina_head();
}

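/*
 * Forgot-password flow, driven entirely by GET parameters:
 *   - no `email`            : show the e-mail entry form;
 *   - `email` only          : look the employee up and ask "Are you <name>?";
 *   - `email` + confirm_yes : set a new random password and e-mail it;
 *   - `email` + confirm_no  : return to the form with a message.
 *
 * NOTE(review): the reset is triggered by an unauthenticated GET request and
 * the only thing the requester must supply is the e-mail address. There is no
 * one-time token sent to the mailbox first, no CSRF protection and no rate
 * limit, and the lookup discloses whether an address is registered (plus the
 * employee's name and picture). Closing that gap needs a flow change
 * (tokenised link, POST), which is outside what this block can do alone.
 */

// Only a scalar string is accepted; `email[]=x` or a missing key falls through to the form.
$email_raw = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';

if ($email_raw)
{
	// FILTER_VALIDATE_EMAIL rejects CR/LF and non-ASCII bytes, so the validated
	// value cannot add lines to the To: header built further down.
	$email = filter_var($email_raw, FILTER_VALIDATE_EMAIL);

	$empl = false;
	if ($email !== false)
	{
		// A syntactically valid address may still contain an apostrophe, so the
		// value is escaped before it is placed in the SQL string literal.
		// NOTE(review): addslashes() assumes MySQL's default backslash-escape
		// mode. query_fetch() is defined outside this file; if it supports
		// bound parameters, use those instead.
		$email_sql = addslashes($email);

		// The join compares the two columns. The previous text compared
		// contact_id with the string literal 'contacts.id'.
		$empl = query_fetch("SELECT employees.id, employees.username, employees.has_picture, contacts.name FROM employees, contacts WHERE " .
		"ISNULL(leaved) AND employees.contact_id=contacts.id AND contacts.email='{$email_sql}' LIMIT 1");
	}

	if (!$empl)
	{
		// msg is percent-encoded so the Location value is a well-formed URL.
		// NOTE(review): the page that prints msg must HTML-escape it.
		header("Location: forgot_password.php?msg=" . urlencode("The email entered({$email_raw}) was not found in the system."));
		die();
	}
	else if (!empty($_GET['confirm_yes']))
	{
		// Create a new password from the OS CSPRNG (random_int needs PHP >= 7.0).
		// The alphabet is alphanumeric only, so the value is safe inside the
		// SQL literal below; look-alike characters (l, 1, O, 0, I) are left out.
		$alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
		$last_index = strlen($alphabet) - 1;
		$password = "";
		for ($i = 0; $i < 12; $i++)
			$password .= $alphabet[random_int(0, $last_index)];

		// The id comes from the database row, but is cast so only an integer
		// can ever reach the statement.
		$empl_id = (int) $empl['id'];

		// NOTE(review): unsalted MD5 is kept only because the login check (not
		// visible in this file) presumably compares MD5 digests. Migrate both
		// sides together to password_hash()/password_verify().
		// NOTE(review): the password is replaced before the mail is sent, so a
		// failed mail() leaves the account with a password nobody knows.
		query_bd("UPDATE employees SET password=MD5('{$password}') WHERE id={$empl_id} LIMIT 1");

		// NOTE(review): SERVER_NAME may follow the request's Host header,
		// depending on web-server configuration; a configured site name would
		// be safer in outgoing mail.
		$message = "Hi {$empl['name']},\n" .
		"You(or someone) requested the Parksys's login information at {$_SERVER['SERVER_NAME']}.\n" .
		"Your login information is:\n\n" .
		"Username: {$empl['username']}\n" .
		"Password: {$password}\n\n" .
		"Go to login page for access.\n\n" .
		"Best regards,\n" .
		"{$_SERVER['SERVER_NAME']}'s admin.";

		$headers = "From: Parksys <" . admin_email . ">\r\n" .
		"Reply-To: Parksys <" . admin_email . ">\r\n" .
		"X-Mailer: Parksys";

		// The display name is stored data: strip characters that could end the
		// header line or break out of the quoted display name.
		$name_hdr = str_replace(array("\r", "\n", '"', '\\', '<', '>'), '', $empl['name']);

		// Send email
		if (mail("\"{$name_hdr}\" <{$email}>", "Parksys Login information", $message, $headers))
			header("Location: index.php?msg=" . urlencode("An email with login info was sent to the address provided({$email}), please check inbox"));
		else
			header("Location: forgot_password.php?msg=" . urlencode("Could not send e-mail to the address given({$email})"));
		die();
	}
	else if (!empty($_GET['confirm_no']))
	{
		header("Location: forgot_password.php?msg=" . urlencode("The email you entered({$email}) was found in the system, but appears not to be yours."));
		die();
	}
	else
	{
		cabecalho();

		// Everything echoed into the markup is HTML-escaped. ENT_QUOTES matters
		// because the attribute values below are single-quoted.
		$email_html = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE);
		$name_html = htmlspecialchars($empl['name'], ENT_QUOTES | ENT_SUBSTITUTE);
		$picture = $empl['has_picture'] ? "portrails/" . (int) $empl['id'] . ".jpg" : "portrails/unknown.png";

		echo "<form method=GET action=forgot_password.php>";
		echo "<img class=employee_picture src='{$picture}' alt=''><br>";
		echo "<strong>Are you {$name_html}?</strong><br>";
		echo "<input type=HIDDEN name=email value='{$email_html}'>";
		echo "<input type=SUBMIT name=confirm_yes value='Yes, this is me'>";
		echo "<input type=SUBMIT name=confirm_no value='No, its not me'>";
		echo "</form>";
	}
}
else
{
	cabecalho();
?>
<script type="text/javascript" language="JavaScript">
// Client-side convenience check only; the server validates the address again.
function checkForm()
{

	if (document.getElementById('email').value.length == 0)
	{
		alert("The email must not be empty.");
		return false;
	}
	else
		return true;
}
</script>

<form method=GET action=forgot_password.php onSubmit="return checkForm()">
<label for='email'>Please enter your e-mail:</label>
<input id='email' name='email' type=TEXT ><br>
<input type=SUBMIT value='Submit' />
</form>

<?php
}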

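// Link back to the login page. The closing </div> tag was missing its ">".
echo "<div id=back><a href='index.php'>Back to login page</a></div>";

/* Finish the page (pagina_fim() is defined outside this file) */
pagina_fim();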
?>
